The pfSense package system provides the ability to extend pfSense without adding
bloat and potential security vulnerabilities to the base distribution. Packages
are supported on full installs and a reduced set of packages are available on
NanoBSD-based embedded installs.

Note

NanoBSD installs have the capability of running some packages, but due
to the nature of the platform and its disk writing restrictions, some
packages will not work and thus are not available for installation on that
platform.

To see the packages available for the current firewall platform being utilized,
browse to System > Packages, on the Available Packages tab.

Many of the packages have been written by the pfSense community and not by the
pfSense development team. The available packages vary quite widely, and some are
more mature and well-maintained than others. There are packages which install
and provide a GUI interface for third-party software, such as Squid, and others
which extend the functionality of pfSense itself, like the OpenVPN Client Export
Utility package which automatically creates VPN configuration files.

By far the most popular package available for pfSense is the Squid Proxy Server.
It is installed more than twice as often as the next most popular package:
Squidguard, which is a content filter that works with Squid to control access to
web resources by users. Not surprisingly, the third most popular package is
Lightsquid, which is a Squid log analysis package that makes reports of the web
sites which have been visited by users behind the proxy.

Some other examples of available packages (which are not Squid related) are:

Bandwidth monitors that show traffic by IP address such as ntopng,
and Darkstat.

Extra services such as FreeRADIUS.

Proxies for other services such as SIP and FTP, and reverse proxies for HTTP
or HTTPS such as HAProxy.

Some items that were formerly in the base system but were moved to packages,
such as RIP (routed)

As of this writing there are more than 40 different packages available; too many
to cover them all in this book! The full list of packages that can be installed
on a particular system is available from within any pfSense system by browsing
to System > Packages.

The packages screen may take a little longer to load than other pages in the web
interface. This is because the firewall fetches the package information from the
pfSense package servers before the page is rendered to provide the most up-to-
date package information. If the firewall does not have a functional Internet
connection including DNS resolution, this will fail and trigger a notification.
If the package information has been retrieved previously, it will be displayed
from cache, but the information will be outdated. This is usually caused by a
missing or incorrect DNS server configuration. For static IP connections, verify
working DNS servers are entered on the System > General Setup page. For
those with dynamically assigned connections, ensure the DNS servers assigned by
the ISP are functioning. This traffic will only go via the default gateway on
the firewall, so ensure that gateway is up or change another active WAN gateway
to be the default.